SafeKeeper.life - Secure by design

Your data is always 100% yours We never store your data

Back to Documentation

User FAQ

User Guide

FAQ: Emergency Triggers

General Questions

What are emergency triggers?

Emergency triggers are automated mechanisms that seal your Safe and distribute Key shares (herein known as Keys) to designated Keyholders when specific conditions are met. They ensure your Safe contents (your credentials) can be accessed even if you can’t manually trigger the sealing of your Safe yourself.

Why do I need emergency triggers?

Without emergency triggers, your credentials could become permanently inaccessible if you:

  • Die suddenly without time to manually seal your Safe
  • Become incapacitated and unable to use the system
  • Lose access to your accounts or devices
  • Experience cognitive decline

Emergency triggers provide an automatic failover to ensure your designated Keyholders can access your credentials in these scenarios.

When should I set up emergency triggers?

Set up emergency triggers BEFORE locking your Safe. Trigger settings cannot be changed after the Safe is locked without first unlocking the Safe with your password.

Can I use emergency triggers without designating Keyholders?

No. Emergency triggers require designated Keyholders to receive Keys when the trigger fires. You must designate at least as many Keyholders as your Safe permits before locking with the triggers enabled.

Trigger Configuration

Can I change trigger settings after locking my Safe?

No, not without unlocking your Safe first. To change trigger settings:

  1. Unlock your Safe with your password
  2. Update you trigger configuration
  3. Re-lock your Safe with a password (this can be different each time you lock your Safe if you want)

Re-locking your Safe generates new Keys with the new trigger settings.

Can I enable multiple triggers at the same time?

Yes! You can enable any combination of the four trigger types. The FIRST trigger to fire will seal your Safe.

Common combinations:

  • Inactivity + Attestation (time-based + human verification)
  • Scheduled + Attestation (planned date + early trigger)
  • All four triggers (maximum redundancy)

Which trigger type should I use?

It depends on your situation:

  • Manual: Everyone should have this (it’s always enabled)
  • Inactivity: Good if you log in regularly and want a time-based safety net
  • Attestation: Good if you have trustworthy contacts who would know of your death
  • Scheduled: Good for estate planning with a specific timeline

Most users will benefit from Inactivity + Attestation for comprehensive coverage.

What’s the difference between Keyholders and Voters?

  • Keyholders: Receive Keys and can reveal your credentials (they need the threshold number of Keys to do this)
  • Voters: Can attest that you’re deceased (only for attestation trigger)

These groups can overlap, but serve different functions. Voters trigger the sealing of your Safe, Keyholders perform the revealing of the credentials of your Safe.

Inactivity Trigger

How is my activity tracked?

Your activity is automatically tracked when you:

  • Sign in to SafekeeperLife
  • Manage your Safes (lock, unlock, configure)
  • Update your user profile
  • Perform certain operations on your Safes

No special action is required — just using the system normally updates your activity timestamp.

What counts as “activity”?

Any authenticated action in SafekeeperLife updates your last_activity_at timestamp:

  • Signing in
  • Viewing your Safes
  • Managing Keyholders
  • Configuring triggers
  • Any API calls with your authentication token

I didn’t receive inactivity warning emails. What happened?

Check:

  1. Spam/junk folders
  2. Email address in your profile (is it current?)
  3. Email server logs (may have bounced)
  4. System administrator for delivery issues

Note: Warning emails are sent at:

  • Start of grace period (Day 0)
  • Midpoint (50% through grace period)
  • Final day before sealing

What happens during the grace period?

During the grace period:

  1. You receive warning emails at intervals (start, midpoint, final day)
  2. Your Safe remains locked (not sealed)
  3. If you sign in, the inactivity timer resets and the grace period ends
  4. If you don’t sign in, your Safe is sealed at end of the grace period

Purpose: To give you time to respond if you’re temporarily unable to sign in, while still providing automatic sealing of your Safe if you’re truly incapacitated.

Can I reset the inactivity timer without signing into the web interface?

Currently, no. You must authenticate to SafekeeperLife via the web interface to update your activity timestamp.

Future enhancement: API endpoints or heartbeat mechanisms could be added for programmatic activity updates.

I missed my grace period. Is my Safe sealed?

Yes. Once the grace period expires without activity, your Safe is automatically sealed and the Keys are distributed to your Keyholders.

If you’re still alive:

  1. Contact your Keyholders immediately
  2. Instruct them NOT to use the Keys yet
  3. Coordinate with them when you’re actually gone (if you can or via a trusted third-party)
  4. Consider this a test of your emergency system

Note: You cannot “unseal” your Safe. It remains sealed until the Keyholders reveal its credentials.

Attestation Trigger

Who should I designate as Voters?

Choose people who:

  • Would reliably know of your death (family, close friends, legal representative, doctor)
  • Are trustworthy (won’t falsely attest while you’re alive)
  • Will act responsibly (only attest when appropriate)
  • Have stable email addresses

Common choices: Spouse, adult children, siblings, close friends, lawyer, doctor.

Why must votes required (M) be greater than the Key threshold (k)?

This is a security constraint to prevent the same small group from controlling both the sealing and revealing of your Safe.

Example (INSECURE):

  • Threshold k=2, Votes Required M=2
  • Same 2 people can attest (seal Safe) AND reveal credentials
  • No checks and balances

Example (SECURE):

  • Threshold k=2, Votes Required M=3
  • Need 3 people to attest to seal, 2 to reveal
  • Requires broader consensus to seal your Safe
  • Different groups control each part of the process

What if someone falsely attests that I have passed away?

Immediate:

  • Sign in to SafekeeperLife as soon as possible
  • Signing in clears ALL attestation votes (and proves you’re alive)
  • Your Safe does not seal (the vote count resets to zero)

Preventative:

  • Choose trustworthy Voters
  • Set M high enough to require consensus (not just 1-2 people)
  • Make it clear to Voters that false attestation is a serious breach of trust

Legal:

  • False attestation may have legal consequences (fraud, false statements and so on)

Do Voters need to coordinate with each other?

Not necessarily. Each Voter can attest independently when they learn of your death. The system counts votes automatically and seals your Safe when the threshold M is reached.

However, Voters may want to communicate to:

  • Verify information (is the safekeeper really deceased?)
  • Ensure credible evidence before attesting
  • Coordinate the timing for sealing your Safe

Can I vote for my own Safe?

No. You cannot attest to your own death (obviously). Voters are separate from you (as the Safekeeper).

What happens if I sign in after some people have voted?

All attestation votes are cleared immediately. This proves you’re alive and resets the attestation trigger.

Note: This is why M > k is important. If votes required is too low, a few people could repeatedly vote and you’d have to keep signing in to clear votes.

Scheduled Trigger

What time of day does the scheduled trigger fire?

The scheduled trigger fires based on DATE, not specific time. The monitor checks daily, and if the current date matches or exceeds the scheduled seal date, your Safe is automatically sealed.

Implementation: The monitor checks once per day. Sealing happens during that check on or after the scheduled date.

Can I cancel a scheduled trigger before it fires?

Yes:

  1. Unlock your Safe with your password (before the scheduled date)
  2. Disable the scheduled trigger or change the scheduled date
  3. Re-lock your Safe

Note: You must unlock your Safe before the scheduled date. Once your Safe is sealed, you cannot circumvent the seal.

What if I want to postpone the scheduled date?

Same process as cancelling:

  1. Unlock your Safe (before the current scheduled date)
  2. Update scheduled date to a new future date
  3. Re-lock your Safe with a password (this can be different each time you lock your Safe if you want)

Do I receive reminders before the scheduled date?

Yes! Reminder emails are sent at:

  • 30 days before the scheduled date
  • 7 days before the scheduled date
  • 1 day before the scheduled date

Purpose: Gives you an opportunity to postpone if your circumstances change.

Multiple Triggers

If I enable multiple triggers, which one fires?

The FIRST trigger whose conditions are met. Once one trigger seals your Safe, the others are no longer relevant.

Example:

  • Inactivity (180 days) + Scheduled (1 year from now)
  • If you’re inactive for 180 days + grace period, inactivity trigger fires first
  • Your Safe is sealed, scheduled trigger never fires

If one trigger fires, can I see which one in the system?

Yes. The record associated with your Safe includes:

  • sealed_by_trigger: Which trigger type sealed your Safe (inactivity, attestation, scheduled, or manual)
  • sealed_at: Timestamp when seal occurred

This information is logged and visible to system administrators.

Should I enable all four triggers?

It depends on your needs:

Pros:

  • Maximum redundancy
  • Covers all scenarios
  • Higher confidence that your credentials will be accessible

Cons:

  • More complex to manage
  • More warning emails to monitor
  • Need to maintain more trigger configurations

Recommendation: Most users will benefit from Inactivity + Attestation + Manual. Add Scheduled if you have specific date requirements.

Keyholders

How many Keyholders should I designate?

Minimum: Same as your threshold (k)

Recommended: Add 1-2 spare Keyholders (n = k + 1 or k + 2) by buying spare Keys

Example:

  • Threshold k=2, designate n=3 Keyholders (purchased 1 spare Key)
  • If one Keyholder is unavailable, the other 2 can still reveal your Safe

Rationale: Redundancy ensures revealing is possible even if some Keyholders are unavailable.

What if a Keyholder loses their Key?

If you have spares (n > k):

  • The remaining Keyholders can still reveal your Safe (they need k Keys)
  • Example: k=2, n=3, one lost → still have 2 Keys available

If you don’t have spares (n = k):

  • All Keyholders are required
  • Lost Key means revealing your Safe is impossible
  • Prevention: Designate spare Keyholders (n > k)

After revealing a Safe:

  • Consider designating additional Keyholders for next time

Can I designate a Keyholder who doesn’t have a SafekeeperLife account?

Yes! Keyholder designations include their email address. When the trigger fires, the Keyholder receives their Key via email with instructions.

They can then register an account and upload their Key to reveal your Safe.

Note: Pre-registration is tracked but not required. The system uses their email as the primary identifier.

What if a Keyholder’s email bounces?

Immediate:

  • You should receive bounce notification
  • Other Keyholders still receive their Keys (if n > k, reveal may still be possible)

Preventative:

  • Unlock your Safe
  • Update Keyholder’s email address
  • Re-lock Safe (generates new Keys)

Best practice: Verify Keyholder emails annually during maintenance review.

Can Keyholders see who the other Keyholders are?

Not automatically. However, you should tell Keyholders who the other Keyholders are so they can coordinate during reveal.

Recommendation: Provide Keyholders with:

  • List of other Keyholder names/contact info
  • Instructions for coordinating the revealing of your Safe
  • The threshold required (how many Keys are needed to reveal your Safe)

What if Keyholders don’t trust each other?

Challenge: Keyholders need to coordinate to reveal. If they don’t trust each other, coordination is difficult.

Solutions:

  1. Choose trustworthy Keyholders: Select people who would work together
  2. Professional Keyholders: Lawyers, accountants have fiduciary duty
  3. Documented instructions: Provide clear instructions for how/when to reveal
  4. Legal instrument: Include Key reveal in will/estate plan

Note: Some level of trust is required for threshold cryptography. If Keyholders won’t cooperate, reveal is impossible regardless of technical implementation.

After a Trigger Fires

My Safe was sealed by a trigger. Can I unseal it?

No. Once sealed, the Safe cannot be “unsealed” back to a locked state.

Sealed safes can only:

  • Remain sealed (Keyholders wait)
  • Be revealed (k Keyholders upload their Keys)
  • Be removed (after reveal, if Safekeeper chooses)

If you’re still alive and a trigger fired prematurely:

  • Contact Keyholders and coordinate on when to actually reveal your Safe
  • Consider this a test of your system
  • Learn from the experience (adjust trigger settings next time)

What happens to my Safe after the Keyholders reveal the credentials?

After reveal:

  1. Your Safe status changes to revealed
  2. Credentials are decrypted and accessible
  3. Keyholders can view/download credentials
  4. Safe remains in revealed state

Cleanup:

  • Safekeeper (if alive) or executor can choose to remove the Safe
  • Encrypted data are deleted from our database when your Safe is removed

Can Keyholders reveal the Safe at any time, or is there a deadline?

No deadline. Keys don’t expire. Keyholders can coordinate reveal whenever they’re ready.

Best practice: Don’t rush. Take time to:

  • Coordinate with all Keyholders
  • Verify the Safekeeper has actually passed
  • Ensure proper legal authority (executor, etc.)
  • Understand what credentials you’re revealing

Who can see the revealed credentials?

After reveal:

  • All Keyholders can see the credentials
  • System administrators (if they query the database)
  • Anyone the Keyholders choose to share with

Security note: Once revealed, credentials are no longer encrypted. Keyholders should:

  • Secure the revealed credentials appropriately
  • Change passwords/Keys after use
  • Consider credentials compromised after reveal

Can I test my emergency trigger setup without actually sealing my Safe?

Not fully, but you can test parts of the process:

  1. Designations: Verify Keyholders/Voters receive thier designation emails
  2. Warnings: Configure short inactivity period, receive grace period warnings
  3. Emails: Check that email delivery works
  4. Process: Document and review with Keyholders

Cannot safely test:

  • Actual sealing (as this action is irreversible)
  • Key distribution (would prematurely reveal Keys)
  • Decryption (would expose master Key)

Recommendation: Thorough review and documentation is better than risky live testing.

Need Help?

Can't find what you're looking for? Check out our other guides or return to the documentation index.

← All Documentation Getting Started Guide →
Back to Documentation Getting Started Guide